SAP has released 17 security notes, including four that address critical SQL injection, RCE, and code injection vulnerabilities.
The post SAPβs January 2026 Security Updates Patch Critical Vulnerabilities appeared first on SecurityWeek.
This blog is part of a series where we highlight new or fast-evolving threats in the consumer security landscape. This one looks at how the rapid rise of Artificial Intelligence (AI) is putting users at risk.
In 2025 we saw an ever-accelerating race between AI providers to push out new features. We also saw manufacturers bolt AI onto products simply because it sounded exciting. In many cases, it really shouldnβt have.
Agentic or AI browsers that can act autonomously to execute tasks introduced a new set of vulnerabilitiesβespecially to prompt injection attacks. With great AI power comes great responsibility, and risk. If youβre thinking about using an AI browser, itβs worth slowing down and considering the security and privacy implications first. Even experienced AI providers like OpenAI (the makers of ChatGPT) were unable to keep their agentic browser Atlas secure. By pasting a specially crafted link into the Omnibox, attackers were able to trick Atlas into treating a URL input as a trusted command.
The popularity of AI chatbots created the perfect opportunity for scammers to distribute malicious apps. Even if the AI engine itself worked perfectly, attackers have another way in: fake interfaces. According to BleepingComputer, scammers are already creating spoofed AI sidebars that look identical to real ones from browsers like OpenAIβs Atlas and Perplexityβs Comet. These fake sidebars mimic the real interface, making them almost impossible to spot.
And then thereβs this special category of using AI in products because it sounds cooler with AI or you can ask for more money from buyers.
We saw a plush teddy bear promising βwarmth, fun, and a little extra curiosityβ that was taken off the market after researcher found its built-in AI responding with sexual content and advice about weapons. Conversations escalated from innocent to sexual within minutes. The bear didnβt just respond to explicit prompts, which would have been more or less understandable. Researchers said it introduced graphic sexual concepts on its own, including BDSM-related topics, explained βknots for beginners,β and referenced roleplay scenarios involving children and adults.
Sometimes we rely on AI systems too much and forget that they hallucinate. As in the case where a schoolβs AI system mistook a boyβs empty Doritos bag for a gun and triggered a full-blown police response. Multiple police cars arrived with officers drawing their weapons, all because of a false alarm.
Alongside all this comes a surge in privacy concerns. Some issues stem from the data used to train AI models; others come from mishandled chat logs. Two AI companion apps recently exposed private conversations because users werenβt clearly warned that certain settings would result in their conversations becoming searchable or result in targeted advertising.
Weβve said it before and weβll probably say it again:Β We keep pushing the limits of what AI can do faster than we can make it safe. As long as we keep chasing the newest features, companies will keep releasing new integrations, whether theyβre safe or not.
As consumers, the best thing we can do is stay informed about new developments and the risks that come with them. Ask yourself: Do I really need this? What am I trusting AI with? Whatβs the potential downside? Sometimes itβs worth doing things the slower, safer way.
We donβt just report on privacyβwe offer you the option to use it.
Privacy risks should never spread beyond a headline. Keep your online privacy yours by usingΒ Malwarebytes Privacy VPN.
This blog is part of a series where we highlight new or fast-evolving threats in the consumer security landscape. This one looks at how the rapid rise of Artificial Intelligence (AI) is putting users at risk.
In 2025 we saw an ever-accelerating race between AI providers to push out new features. We also saw manufacturers bolt AI onto products simply because it sounded exciting. In many cases, it really shouldnβt have.
Agentic or AI browsers that can act autonomously to execute tasks introduced a new set of vulnerabilitiesβespecially to prompt injection attacks. With great AI power comes great responsibility, and risk. If youβre thinking about using an AI browser, itβs worth slowing down and considering the security and privacy implications first. Even experienced AI providers like OpenAI (the makers of ChatGPT) were unable to keep their agentic browser Atlas secure. By pasting a specially crafted link into the Omnibox, attackers were able to trick Atlas into treating a URL input as a trusted command.
The popularity of AI chatbots created the perfect opportunity for scammers to distribute malicious apps. Even if the AI engine itself worked perfectly, attackers have another way in: fake interfaces. According to BleepingComputer, scammers are already creating spoofed AI sidebars that look identical to real ones from browsers like OpenAIβs Atlas and Perplexityβs Comet. These fake sidebars mimic the real interface, making them almost impossible to spot.
And then thereβs this special category of using AI in products because it sounds cooler with AI or you can ask for more money from buyers.
We saw a plush teddy bear promising βwarmth, fun, and a little extra curiosityβ that was taken off the market after researcher found its built-in AI responding with sexual content and advice about weapons. Conversations escalated from innocent to sexual within minutes. The bear didnβt just respond to explicit prompts, which would have been more or less understandable. Researchers said it introduced graphic sexual concepts on its own, including BDSM-related topics, explained βknots for beginners,β and referenced roleplay scenarios involving children and adults.
Sometimes we rely on AI systems too much and forget that they hallucinate. As in the case where a schoolβs AI system mistook a boyβs empty Doritos bag for a gun and triggered a full-blown police response. Multiple police cars arrived with officers drawing their weapons, all because of a false alarm.
Alongside all this comes a surge in privacy concerns. Some issues stem from the data used to train AI models; others come from mishandled chat logs. Two AI companion apps recently exposed private conversations because users werenβt clearly warned that certain settings would result in their conversations becoming searchable or result in targeted advertising.
Weβve said it before and weβll probably say it again:Β We keep pushing the limits of what AI can do faster than we can make it safe. As long as we keep chasing the newest features, companies will keep releasing new integrations, whether theyβre safe or not.
As consumers, the best thing we can do is stay informed about new developments and the risks that come with them. Ask yourself: Do I really need this? What am I trusting AI with? Whatβs the potential downside? Sometimes itβs worth doing things the slower, safer way.
We donβt just report on privacyβwe offer you the option to use it.
Privacy risks should never spread beyond a headline. Keep your online privacy yours by usingΒ Malwarebytes Privacy VPN.
Nmap is a powerful open-source tool commonly used by system/network administrators and security professionals to perform network discovery, security auditing, and basic vulnerability assessment.
The post Nmap Cheatsheet appeared first on Black Hills Information Security, Inc..
Nmap, also known as Network Mapper, is a commonly used network scanning tool. As penetration testers, Nmap is a tool we use daily that is indispensable for verifying configurations and identifying potential vulnerabilities.
The post Vulnerability Scanning with NmapΒ appeared first on Black Hills Information Security, Inc..
Hello and welcome! My name is John Strand. In this video, weβre going to be talking about using SpiderTrap to entrap and ensnare any web application pentesters or hackers that [β¦]
The post Messing With Web Attackers With SpiderTrap (Cyber Deception) appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // tl;dr BHIS made some interesting discoveries while working with a customer to audit their Amazon Web Services (AWS) infrastructure. At the time of the discovery, we found [β¦]
The post Securing the Cloud: A Story of Research, Discovery, and Disclosure appeared first on Black Hills Information Security, Inc..
Joff Thyer // The Domain Name System (DNS) is the single most important protocol on the Internet. The distributed architecture of DNS name servers and resolvers has resulted in a [β¦]
The post Tap Into Your Valuable DNS Data appeared first on Black Hills Information Security, Inc..
Kent Ickler & Jordan Drysdale // Preface We had a sysadmin and security professional βAAβ meeting on November 8, 2018. We met and discussed things that seem to be painfully [β¦]
The post WEBCAST: Blue Team-Apalooza appeared first on Black Hills Information Security, Inc..
Matthew Toussain// Portswiggerβs Burpsuite has become the tool of choice for web application penetration testers. OWASPβs Zed Attack Proxy (ZAP) not only fights in the same weight class but also [β¦]
The post WEBCAST: There and Back Again β A Pathfinderβs Tale appeared first on Black Hills Information Security, Inc..
David Fletcher// This blog post is going to illustrate setting up a software access point (AP) on Ubuntu 16.04. Β Having the ability to create a software AP can be very [β¦]
The post How to Build a Soft Access Point in Ubuntu 16.04 appeared first on Black Hills Information Security, Inc..
Brian Fehrman // Youβve sent your phishing ruse, the target has run the Meterpreter payload, and you have shell on their system. Now what? If you follow our blogs, you [β¦]
The post How to Use Nmap with Meterpreter appeared first on Black Hills Information Security, Inc..
BBKing // So Iβm working the other day, and my wife asks me why the TV is on. I donβt know. I didnβt turn it on. But itβs near my [β¦]
The post AppleTV & nmap -sV appeared first on Black Hills Information Security, Inc..
Rick Wisser // All right, youβve taken all the precautions related to your network. You have lockout controls in place, you use awesome password policies (20 characters with uppercase, lowercase, [β¦]
The post Are you Snoopable?! appeared first on Black Hills Information Security, Inc..
Sally Vandeven // In a recent conversation with Paul Asadoorian, he mentioned a Nessus plugin called nmapxml. Β He was not sure how well it worked but suggested I try it [β¦]
The post Nessus & Nmap appeared first on Black Hills Information Security, Inc..
Login
